CVE-2016-2156

Опубликовано: 22 мая 2016

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 2.6.11 (включая)

cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00321

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2016-2156

CVSS3: 4.3

ubuntu

около 9 лет назад

CVE-2016-2156

CVSS3: 4.3

debian

около 9 лет назад

calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13 ...

GHSA-h8vc-v44p-5r2q

CVSS3: 4.3

github

около 3 лет назад

Moodle provides calendar-event data without considering whether an activity is hidden

EPSS

Процентиль: 54%

0.00321

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200